One aspect of computer security involves protecting computer systems from malicious software, also known as “malware.” Malware comes in many forms; however, many common varieties of malware perform reads or other accesses to unauthorized locations in computer memory. For example, certain malware scans computer memory to locate useful libraries or other code to access system APIs. Thus, a series of unusual memory reads may be a useful indicator of malicious activity. Unauthorized reads may be detected using page-based exceptions (i.e., page faults). Detecting unauthorized reads using page-based exceptions typically requires operating system and/or hypervisor support and may only detect reads at a relatively crude resolution (e.g., per each 4 k memory page).
Some computer processors provide support for hardware transactional memory. Transactional memory allows the programmer to designate a segment of code called a “transaction” to execute independently and atomically. That is, memory operations occurring within the transaction are not visible to other transactions or threads executing on the computing system until the transaction is successfully committed. After successful commit, all memory changes made during the transaction are instantaneously available to other threads on the system. Transactional memory may be implemented by speculatively executing the transaction, detecting any memory conflicts that occur during execution of the transaction, and then aborting and rolling back the transaction in response to memory conflicts. Memory conflicts include, for example, a transaction attempting to write to a memory location that has already been read or written-to by another transaction. Transactional memory may simplify the programming model for parallel computing. One commercially available example of hardware transactional memory support is Transactional Synchronization Extensions (Intel® TSX), available on certain processors manufactured by Intel® Corporation. Pending applications PCT/US2013/075805, filed on Dec. 17, 2013, and U.S. application Ser. No. 14/228,842, filed on Mar. 28, 2014, describe two techniques for detecting unauthorized memory writes (memory modifications) using hardware transactional memory support.